Ejemplo n.º 1
def forgot_password():
    """
    Send a password reset email.

    Validates the submitted form and, when the email matches a user, calls
    ``send_password_reset`` for that user. A valid form always gets an empty
    200 response, whether or not a user was found, so the response body does
    not show whether the address is registered.
    """
    form = ForgotPasswordForm(request.json_multidict)
    if form.validate_on_submit():
        # NOTE(review): the email is looked up exactly as submitted (no
        # lower-casing here) -- confirm User.get_by_email normalizes case.
        account = User.get_by_email(form.email.data)
        if account:
            # NOTE(review): if send_password_reset sends synchronously, the
            # response time may still differ between known and unknown
            # addresses -- confirm it is queued or otherwise constant-time.
            send_password_reset(account)
        # Same reply for known and unknown addresses.
        return '', 200

    return api_error(form.errors)
Ejemplo n.º 2
def login():
    """
    Authenticate with the application.

    Validates the submitted form, looks the user up by lower-cased email and
    checks the password. On success the user is logged in via ``login_user``
    and returned as JSON. An unknown email and a wrong password both produce
    the same generic error message.
    """
    # TODO: issue API key here instead of cookie
    form = LoginForm(request.json_multidict)
    if not form.validate_on_submit():
        return api_error(form.errors)

    account = User.get_by_email(form.email.data.lower())
    supplied_password = form.password.data
    # NOTE(review): check_password only runs when the account exists, so an
    # unknown email may answer faster than a wrong password -- confirm whether
    # that timing difference matters here. No attempt limiting is visible in
    # this function; presumably it is handled elsewhere.
    if account is None or not account.check_password(supplied_password):
        return api_error({'form': ['Invalid username/password.']})

    login_user(account)
    return jsonify(account)
Ejemplo n.º 3
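def reset_password():
    """
    Reset a user's password with a valid reset token.

    Validates the submitted form, compares the submitted token with the one
    stored on the user, and checks the token's age against the
    ``RESET_TOKEN_LIFE`` config value (hours, default 24). On success the new
    password is set, the stored token and its timestamp are cleared so the
    token cannot be used again, the user is saved, a password reset
    notification email is sent and the user is logged in.

    Returns the user as JSON on success, otherwise an ``api_error`` response.
    """
    import hmac  # imported locally so the block is self-contained

    reset_token_life = timedelta(
        hours=current_app.config.get('RESET_TOKEN_LIFE', 24))
    form = ResetPasswordForm(request.json_multidict)
    if not form.validate_on_submit():
        return api_error(form.errors)
    user = User.get_by_email(form.email.data)
    if not user:
        # NOTE(review): this message differs from the bad-token message, so
        # the response shows whether the email is registered -- consider
        # returning the same error for both cases.
        return api_error(dict(form=['Could not find user.']))

    stored_token = user.reset_token
    submitted_token = form.token.data
    if isinstance(stored_token, str) and isinstance(submitted_token, str):
        # Constant-time comparison so the response time does not depend on
        # how many leading characters of the token are correct. Encoding to
        # bytes first because compare_digest rejects non-ASCII str input.
        tokens_match = hmac.compare_digest(
            stored_token.encode('utf-8', 'surrogatepass'),
            submitted_token.encode('utf-8', 'surrogatepass'))
    else:
        # Non-string values: keep the plain equality check.
        tokens_match = stored_token == submitted_token
    if not stored_token or not tokens_match:
        return api_error(dict(form=['Invalid reset token.']))

    # A token without a creation time cannot be shown to be fresh; reject it
    # instead of failing on the datetime comparison.
    created_at = user.reset_created_at
    if created_at is None or created_at < datetime.utcnow() - reset_token_life:
        return api_error(dict(form=['Reset token expired']))

    # NOTE(review): no limit on failed token attempts is visible in this
    # function -- presumably enforced elsewhere; confirm.
    user.set_password(form.password.data)
    # Clear the token before saving so it is single-use.
    user.reset_token = None
    user.reset_created_at = None
    user.save()
    send_confirm_password_reset(user)
    login_user(user)
    return jsonify(user)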
Ejemplo n.º 4
 def validate_email(self, field):
     """
     Reject an email address that already belongs to a user.

     The lookup only happens when ``self.validate_unique_email`` is truthy.
     Presumably called by the form framework as the validator for the email
     field -- confirm against the enclosing form class.

     Raises:
         ValidationError: if ``User.get_by_email`` finds a user for the
             submitted address.
     """
     if not self.validate_unique_email:
         return
     # NOTE(review): this message confirms to whoever submits the form that
     # the address is registered -- confirm that disclosure is acceptable.
     if User.get_by_email(field.data):
         raise ValidationError('This email is already in use.')
Ejemplo n.º 5
 def validate_email(self, field):
     """
     Reject an email address that already belongs to a user.

     The lookup only happens when ``self.validate_unique_email`` is truthy.
     Presumably called by the form framework as the validator for the email
     field -- confirm against the enclosing form class.

     Raises:
         ValidationError: if ``User.get_by_email`` finds a user for the
             submitted address.
     """
     if not self.validate_unique_email:
         return
     # NOTE(review): this message confirms to whoever submits the form that
     # the address is registered -- confirm that disclosure is acceptable.
     if User.get_by_email(field.data):
         raise ValidationError('This email is already in use.')